DS4l8play, DS202j, DS3623xs+, DSM 8.025847-𝘣𝘦𝘵𝘢
All of my containers seem to have an issue with internet access. I can't pick the exact moment but it either occurred after I installed Portainer (and who knows what I might have accidentally clicked), or... I have recently got a qbittorrent container running with a built-in VPN (it created a new network (no attached containers).

But my jdownloader containers cannot connect anywhere; same with a youtube downloader (tried youtube and Vimeo links), and now I started radarr for the first time and tried to add a new show and the search function never completed, not would a tracker test OK.

I'm at a loss here. All was well a few days ago.

Interestingly the qbittorrentvpn docker works and I can download through my VPN provider at a nice rate.

But any "normal" connection fails.

All I can think of at this time is to delete the qbittorentvpn container (and its created network).

Here's what I have...

docker network ls
NETWORK ID          NAME                     DRIVER              SCOPE
a721129ed026        adguard_bridge           bridge              local
eb1c68c30ef9        adguard_network          macvlan             local
bd7635c43078        bridge                   bridge              local
26569c45a8f1        host                     host                local
c12cddbfa80e        none                     null                local
f1f681b90828        qbittorrentvpn_default   bridge              local
That's where all my containers are (except Adguard Home) but it seems nothing is "bridged".

OK... YIKES>>> this is some kind of DNS problem...

Using Portainer (I'm edging towards scary dangerous here...) I edited the containers for the jdownloader and the youtube downloader, adding to the DNS field. Saved and relaunched the containers, and both are working !!!

So... something is amiss with the bridge DNS. How do I troubleshoot that?

I'm further up on the learning curve that I have experience for... and I'm feeling a bit light-headed. Hoping someone can help me clear this up.
Portainer couldn't have done something that caused the behavior.

A VPN client on the other hand could have cause the behavior very much, especialy if the container runs in priviliged mode. Containers in privilged mode basicly run with "the host's root permissions" and are weak isolated compared to a normal container.

The default bridge network does not have a DNS server. Each container gets the file /etc/resolve.conf injected from the host. Whichever DNS servers are configured on the host, will be used inside the container.

Custom created bridge network on the other hand have a build in DNS Server, used to resolve service/container/service names of containers in the same network.

You can diagnose network problems with the netshoot container:
docker run -it --net container:<container_name> nicolaka/netshoot

This container provides an interacive shell with all required tools to troubleshoot network issues. It hooks into the "network interface" of another container (actualy it just hooks into the same namespace for the network interface used by the other container). The network behaves exactly like it would on the container you diagnose, with the difference that you have the swiss army knive of network troubleshooting tools at hand.

See: nicolaka/netshoot for further details.

Bonus: If you replace container:<container_name> with host, you can launch netshoot in the host's network namespace.
Thanks 🍪 It's good to know that I couldn't have damaged anything with Portainer... particularly as I cleaned out all the "leftover volumes" that I assumed where orphaned.

I'm playing w/netshoot, though I'm not at all sure what I'm seeing. I do have the qbittorentvpn container set to run in privileged mode. I unchecked that and relaunched the container, but its IPort browser URL would not load.

So my connectivity issue seems to point to the qbittorentvpn container. I may delete it and try to set it up from scratch (as I went down several wrong rabbit trails before I got it to work).

